[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#378463: marked as done (diff for 1.2.8rel-5.2 NMU)

Your message dated Mon, 16 Oct 2006 02:05:44 -0700
with message-id <E1GZOPo-0008Df-Na@spohr.debian.org>
and subject line Bug#378463: fixed in libpng 1.2.8rel-7
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libpng
Version: 1.2.8rel-5.1
Severity: normal
Tags: patch


Attached is the diff for my libpng 1.2.8rel-5.2 NMU.
diff -u libpng-1.2.8rel/debian/changelog libpng-1.2.8rel/debian/changelog
--- libpng-1.2.8rel/debian/changelog
+++ libpng-1.2.8rel/debian/changelog
@@ -1,3 +1,12 @@
+libpng (1.2.8rel-5.2) unstable; urgency=low
+  * Non-maintainer upload.
+  * Backport changes from 1.2.12 to fix a buffer overflow in
+    png_decompress_chunk; patch by Alec Berryman. [CVE-2006-3334]
+    (Closes: #377298)
+ -- Steinar H. Gunderson <sesse@debian.org>  Sun, 16 Jul 2006 16:27:56 +0200
 libpng (1.2.8rel-5.1) unstable; urgency=low
   * Non Maintainer Upload (closes: #356252).
only in patch2:
--- libpng-1.2.8rel.orig/pngrutil.c
+++ libpng-1.2.8rel/pngrutil.c
@@ -275,7 +275,7 @@
       if (ret != Z_STREAM_END)
 #if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
-         char umsg[50];
+         char umsg[52];
          if (ret == Z_BUF_ERROR)
             sprintf(umsg,"Buffer error in compressed datastream in %s chunk",

--- End Message ---
--- Begin Message ---
Source: libpng
Source-Version: 1.2.8rel-7

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

  to pool/main/libp/libpng/libpng12-0-udeb_1.2.8rel-7_i386.udeb
  to pool/main/libp/libpng/libpng12-0_1.2.8rel-7_i386.deb
  to pool/main/libp/libpng/libpng12-dev_1.2.8rel-7_i386.deb
  to pool/main/libp/libpng/libpng3_1.2.8rel-7_all.deb
  to pool/main/libp/libpng/libpng_1.2.8rel-7.diff.gz
  to pool/main/libp/libpng/libpng_1.2.8rel-7.dsc

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 378463@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.7
Date: Mon, 16 Oct 2006 17:34:58 +1000
Source: libpng
Binary: libpng12-dev libpng12-0 libpng12-0-udeb libpng3
Architecture: source i386 all
Version: 1.2.8rel-7
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 356252 377298 378463 393109
 libpng (1.2.8rel-7) unstable; urgency=low
   * New maintainer. Closes: #393109.
   * ACK NMUs. Closes: #378463, #377298, #356252.
   * debian/control:
     - set Standards-Version to 3.7.2.
     - set Priority to extra for libpng12-0-udeb.
     - added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
       dependency lists.
   * Added debian/watch file.
 b38c66c97edadcc58fdb5cb42fa3cef5 700 libs optional libpng_1.2.8rel-7.dsc
 dee626d9d29a5d678f25b7ff76e446fc 16517 libs optional libpng_1.2.8rel-7.diff.gz
 d36c73ff5c40ce33dfe82bad704705b5 874 oldlibs optional libpng3_1.2.8rel-7_all.deb
 4839089a435dc41e837cb30dcc6f0cf9 114820 libs optional libpng12-0_1.2.8rel-7_i386.deb
 024f27ea6235032769bae584dfc86c40 243100 libdevel optional libpng12-dev_1.2.8rel-7_i386.deb
 0203db8529775f092ca2d38f77f8997f 70226 debian-installer extra libpng12-0-udeb_1.2.8rel-7_i386.udeb
Package-Type: udeb

Version: GnuPG v1.4.3 (GNU/Linux)


--- End Message ---

Reply to: